Industrial Safety Systems Hit by ‘Triton’ Malware

A dangerous malware called Triton is targeting vital industrial processes in critical infrastructure sectors.

With cyber attacks on the rise, operational outages are far too common.

Last Thursday brought an update on one of the biggest and deadliest hacks in recent times.

Cyber security experts are particularly concerned about the hack because the malware deployed is both unconventional and limited.

The malware, known as “Triton,” was built to infect the critical infrastructure of an unidentified organization so that its industrial safety systems could be manipulated.

The targeted systems were designed to prevent health- and life-threatening accidents.

The Triton malware came with the capability of shutting down vital industrial processes, even inadvertently.

According to cyber security professionals, the attackers behind the malware wanted to cause a severe operational outage with this move.

What is this malware all about?

In this cyber attack, the Triton malware was designed as a framework to interact with and manipulate Triconex Safety Instrumented System (SIS) controllers.

While the incident has not yet been attributed to a specific threat actor, cyber security professionals feel that the activity is consistent with a nation state preparing for major attacks.

Triton is one of only a handful of publicly acknowledged malware families that primarily target industrial control systems (ICS).

It follows the pattern of Stuxnet, a notorious malware program used against Iran in 2010.

It also bears resemblance to Industroyer, which was deployed against Ukraine in 2016.

Triton’s approach is highly consistent with these earlier attacks.

In addition, it has the power to prevent the safety processes from performing their required functions.

The end result can be significant physical damage to the industrial processes.

Most cyber security professionals agree with this assessment, as they too feel that the Triton malware was deployed primarily to cause physical damage at the unnamed sites.

It works by targeting a safety process that several leading critical infrastructure sites use to prevent unsafe conditions from arising.


Last Thursday, U.S. cyber security firm FireEye published an update about this attack in a dedicated blog post.

They warned organizations across the globe to strengthen the IT security of their sensitive critical infrastructure, as the malware had already affected an unidentified organization.

While the firm did inform the public about the cyber attack, it declined to name the particular industrial sector or the country that had been targeted.

They, however, stated that there is a high possibility of the attack being funded by a nation state.

FireEye researchers stated they are not yet aware if the Triton malware attack is being sponsored by Iran, North Korea or Russia.

While all of these countries have been extremely active in attacks on critical infrastructure, the exact geographical location of the victim is yet to be identified.

The firm further added that the risks these attacks pose should not be ignored in any case.

This is all the more relevant as the attacker’s goal was to disrupt operational processes rather than steal data.
